#################################################### Nemesida WAF settings

1. ##################################################
2.  
3. ## Nemesida WAF settings
4.  
5. ##################################################
6.  
7.  
8. ##
9.  
10. # License key and signature database
11.  
12. ##
13.  
14.  
15. nwaf_license_key none;
16.  
17. nwaf_rules /etc/nginx/nwaf/rules.bin;
18.  
19.  
20. ##
21.  
22. # Nemesida WAF activation for virtual host
23.  
24. ##
25.  
26.  
27. nwaf_host_enable *;
28.  
29. # nwaf_host_enable example.com, example.org;
30.  
31. # nwaf_host_enable .example.com;
32.  
33. # nwaf_host_enable *.example.com;
34.  
35.  
36. ##
37.  
38. # Ban settings
39.  
40. ##
41.  
42.  
43. nwaf_limit rate=5r/m block_time=600;
44.  
45. # nwaf_limit rate=5r/m block_time=0 domain=example.com;
46.  
47.  
48. ##
49.  
50. # API and proxy settings
51.  
52. ##
53.  
54.  
55. nwaf_api_conf host=http://nwaf-api.xxx.ru:8081 api_proxy=none sys_proxy=none;
56.  
57.  
58. ##
59.  
60. # MLA settings
61.  
62. ##
63.  
64.  
65. nwaf_mla 127.0.0.1:5101 mla_score:2;
66.  
67.  
68. # nwaf_mla_host_lm *;
69.  
70. # nwaf_mla_host_lm example.com, example.org;
71.  
72. # nwaf_mla_host_lm .example.com;
73.  
74. # nwaf_mla_host_lm *.example.com;
75.  
76.  
77. ##
78.  
79. # MLC settings
80.  
81. ##
82.  
83.  
84. # nwaf_rmq_host_exclude *;
85.  
86. # nwaf_rmq_host_exclude example.com, example.org;
87.  
88. # nwaf_rmq_host_exclude .example.com;
89.  
90. # nwaf_rmq_host_exclude *.example.com;
91.  
92.  
93. # nwaf_ai_extra_host_lm *;
94.  
95. # nwaf_ai_extra_host_lm example.com, example.org;
96.  
97. # nwaf_ai_extra_host_lm .example.com;
98.  
99. # nwaf_ai_extra_host_lm *.example.com;
100.  
101.  
102. # nwaf_ai_extra_host_wl *;
103.  
104. # nwaf_ai_extra_host_wl example.com, example.org;
105.  
106. # nwaf_ai_extra_host_wl .example.com;
107.  
108. # nwaf_ai_extra_host_wl *.example.com;
109.  
110.  
111. ##
112.  
113. # RabbitMQ and AI extra global settings
114.  
115. ##
116.  
117.  
118. nwaf_rmq host=127.0.0.1 user=guest password=guest ai_extra=on;
119.  
120.  
121. ##
122.  
123. # ClamAV settings
124.  
125. ##
126.  
127.  
128. # nwaf_clamav 127.0.0.1:3310;
129.  
130. # nwaf_clamav 127.0.0.1:3310 FILE_ONLY;
131.  
132.  
133. ##
134.  
135. # Enable logging for all matched rules
136.  
137. ##
138.  
139.  
140. # nwaf_log_mr_all;
141.  
142. # nwaf_log_mr_all domain=example.com;
143.  
144. # nwaf_log_mr_all domain=.example.com;
145.  
146. # nwaf_log_mr_all domain=*.example.com;
147.  
148.  
149. ##
150.  
151. # Global WL/LM policy
152.  
153. ##
154.  
155.  
156. ## Add client's IP to the whitelist
157.  
158. # nwaf_ip_wl x.x.x.x;
159.  
160. # nwaf_ip_wl x.x.x.x domain=example.com;
161.  
162. # nwaf_ip_wl x.x.x.x domain=.example.com;
163.  
164. # nwaf_ip_wl x.x.x.x domain=*.example.com;
165.  
166.  
167. ## Add client's IP to the LM mode (like an IDS mode)
168.  
169. # nwaf_ip_lm x.x.x.x;
170.  
171. # nwaf_ip_lm x.x.x.x domain=example.com;
172.  
173. # nwaf_ip_lm x.x.x.x domain=.example.com;
174.  
175. # nwaf_ip_lm x.x.x.x domain=*.example.com;
176.  
177.  
178. ## Switch off the Nemesida WAF
179.  
180. # nwaf_host_wl *;
181.  
182. # nwaf_host_wl example.com, example.org;
183.  
184. # nwaf_host_wl .example.com;
185.  
186. # nwaf_host_wl *.example.com;
187.  
188.  
189. ## Add vhosts to the LM mode (like an IDS mode)
190.  
191. # nwaf_host_lm *;
192.  
193. # nwaf_host_lm example.com, example.org;
194.  
195. # nwaf_host_lm .example.com;
196.  
197. # nwaf_host_lm *.example.com;
198.  
199.  
200. ## Add file's hash to ClamAV whitelist
201.  
202. # nwaf_clamav_wl FILE-MD5-HASH;
203.  
204.  
205. ##
206.  
207. # Exclude request body processing for PUT method
208.  
209. ##
210.  
211.  
212. # nwaf_put_body_exclude *;
213.  
214. # nwaf_put_body_exclude example.com, example.org;
215.  
216. # nwaf_put_body_exclude .example.com;
217.  
218. # nwaf_put_body_exclude *.example.com;